CVE-2016-3190 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cairo

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-839 — Numeric Range Comparison Without Minimum Check CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cairographics Cairo Debian Cairo Opensuse

Timeline

PublishedApr 21

Latest updateMay 14

Description

The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/cairo< cairo 1.14.2-2 (bookworm)

▶Debiancairographics/cairo< 1.14.2-2+3

▶NVDcairographics/cairo1.12.16

▶NVDopensuse/opensuse13.2

Patches

Patch: mail.gnome.org ↗Patch: mail.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-79hm-39g3-fw94: The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor↗2022-05-14

▶

OSV

CVE-2016-3190: The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor↗2016-04-21

▶

📋Vendor Advisories

Red Hat

cairo: out of bounds read in fill_xrgb32_lerp_opaque_spans↗2016-03-10

▶

Debian

CVE-2016-3190: cairo - The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo ...↗2016

▶

💬Community

Bugzilla

CVE-2016-3190 mingw-cairo: cairo: out of bounds read in fill_xrgb32_lerp_opaque_spans [epel-7]↗2016-03-18

▶

Bugzilla

CVE-2016-3190 cairo: out of bounds read in fill_xrgb32_lerp_opaque_spans↗2016-03-18

▶